How to defeat spyware

Tim May tcmay at got.net
Mon Jan 7 17:42:11 PST 2002



On Monday, January 7, 2002, at 05:10 PM, Dr. Evil wrote:

>> Setting a trap gun to blow away anyone who inserts a floppy (or
>> hooks up a cable) to a machine he has not been given access to is
>> morally permissible.
>
> Morally permissible or not, a shotgun and a string are unlikely to be
> effective.  The FBI went so far as to get a law passed that says that
> they can use classified technical techniques to execute the warrant so
> that they don't have to reveal their methods in court.  Could those
> methods include something as simple as a backdoor in Windows, or some
> kind of hack into Windows?  I don't have any evidence one way or the
> other, but it's a reasonable possibility.  These guys are risk averse
> and they are on a budget, and sending in a team of armed hackers is
> both risky and expensive.
>
> Before you get the shotgun and some string and risk blowing your own
> head off, install a real OS.  Do you think the FBI break-in team has
> an OpenBSD rootkit?

Look into what's inside OS X, which is what I run. A lot of FreeBSD, 
some Mach, etc. However, I don't kid myself that keystroke loggers for 
Macs, which I have bought myself for my own use (some years ago), won't 
be carried by spooks doing sneak and peek entries.

One approach is to use a removable hard disk, or a PC Card (PCMCIA) to 
handle the PGP keys and buffers. The new flash-based USB dongles, a la 
"PEN," look intriguing. Carry it around your neck and only insert it 
long enough to get the needed passphrases and private keys off it.

A technical question for anyone: If I store passphrases (and keys, for 
extra security) on a flash-based USB drive dongle, and then use 
cut-and-paste to access them and paste them into PGP, is it possible for 
a keystroke logger to see them? In the Mac at least, pasting from a file 
or from the clipboard does not of course go through the keyboard. So a 
straightforward intercept of the keyboard driver at the BIOS level 
should not see the pasted material. I realize that "keystroke logger" 
can mean more than just logging the keyboard, however.

Some of you might have already looked into this and may have some data 
points.

It seems to me that the older type of keystroke logger (history file in 
Unix, Ghostwriter, etc.) can be defeated thusly.

Selecting letters with a mouse on the screen also bypasses the keyboard.

The question is, are "keystroke loggers" actually doing more than 
keystroke logging? Are they, for example, monitoring all screen I/O 
(seems unlikely, for bandwidth reasons)?

>
> My attitude is to think about simple things and think about ways to
> de-escalate a conflict as much as possible, so I'm not so enthusiastic
> about a shotgun on a string.
>
>

That's cool. Just don't support laws affecting my decisions.


--Tim May
"A human being should be able to change a diaper, plan an invasion, 
butcher a hog, conn a ship, design a building, write a sonnet, balance 
accounts, build a wall, set a bone, comfort the dying, take orders, give 
orders, cooperate, act alone, solve equations, analyze a new problem, 
pitch manure, program a computer, cook a tasty meal, fight efficiently, 
die gallantly. Specialization is for insects." --Robert A. Heinlein




